Learn more about your ad choices. Visit megaphone.fm/adchoices
you're listening to the cyberwire network powered by N2k this is the energy of electrification available type S high performance variant nearly 500 horsepower and 278 mile EPA range range choose from our complimentary charging packages so you can charge how you want the all-electric Acura ZDX this is the energy of innovation Acura precision crafted performance this your local accurate dealer to lease the all-electric ZDX for three hundred eighty nine dollars a month hey everybody Dave here I want to talk about our sponsor legal zoom you know I started my first business back in the early 90s and oh what I would have done to have been able to have the services of an organization like legal zoom back then just getting all of those business ducks in a row all of that technical stuff the legal stuff the registrations of the business so the taxes all of those things that you need to go through when you're starting a business the hard stuff the stuff that sucks up your time when you just want to get that business launched and out there well legal zoom has everything you need to launch run and protect your business all in one place and they save you from wasting hours making sense of all that legal stuff launch run and protect your business to make it official today at legal zoom calm you can use promo code cyber 10 to get 10% off any legal zoom business information product excluding subscriptions and renewals that expires at the end of this year get everything you need from set up to success at legal zoom calm and use promo code cyber 10 that's legal zoom calm and promo code cyber 10 legal zoom provides access to independent attorneys and self-service tools legal zoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm LZ legal services LLC anonymous claims Turkish DDoS opponents mall responses to ISIS and cyberspace governments involvement in Juniper back door and Iranian group claims hack of downstate New York dam I'm Dave Bittner in Baltimore with your cyberwire summary for Monday December 28 2015 a large distributed denial of service campaign continues to disrupt Turkey's servers online banking has been worrysomely affected with other sectors sustaining various degrees of disruption the dot TR domain has been under attack since around December 14th and Turkey's government has resorted to blocking inbound foreign traffic in an effort to mitigate the campaign's effects anonymous claims credit for the operation which it maintains is retaliation for Turkish support of ISIS Turkey naturally denies supporting ISIS anonymous also claims to have averted a significant terrorist action in Italy through its infiltration of ISIS communications perhaps the hacktivist Darkly suggests shared with various governments Italian authorities have nothing to say on the matter ISIS - over the weekend posted a new video mocking the Saudi-led coalition against extremism ISIS sympathizers also took a poke at university websites in New Jersey and small business in Texas the fight against ISIS makes for strange bedfellows Russian intelligence services are said to be cooperating closely with Afghanistan's Taliban against - no government seems to have an answer to - recruiting an inspirational chatter frustration moves some officials and policy wonks in the US to talk up measures to restrict strong encryption or access to jihadist websites and China and acts a law that mandates back doors but these measures are over determined they would have been attractive modes of social control in any case a nominally independent Iranian group claims credit for the New York dam hack downstate officials continue to press the feds for details and cast doubt on the effectiveness of cyber threat intelligence sharing measures the recently disclosed Juniper networks issues remain under investigation many observers perceive some government's hand in the matter which government or governments remains a matter of dispute whether you're making a delicious family meal or a post workout snack choose the farm fresh taste of egglands best eggs only egglands best hands are fed their proprietary all vegetarian feed that's what makes their eggs more nutritious with 10 times more vitamin e 25 percent less saturated fat and six times more vitamin d compared to ordinary eggs egglands best better taste better nutrition better eggs visit egglands best dot com to learn more and now a word from our sponsor know before it's all connected and we're not talking conspiracy theories when it comes to info sec tools effective integrations can make or break your security stack the same should be true for security awareness training know before provider of the world's largest library of security awareness training provides a way to integrate your existing security stack tools to help you strengthen your organization security culture know before's security coach uses standard apis to quickly and easily integrate with your existing security products from vendors like Microsoft CrowdStrike and Cisco 35 vendor integrations and counting security coach analyzes your security stack alerts to identify events related to any risky security behavior from your users use this information to set up real-time coaching campaigns targeting risky users based on those events from your network end point identity or web security vendors then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft teams slack or email learn more at know before dot com slash security coach that's know before dot com slash security coach and we thank know before for sponsoring our show Black Friday football on prize back this week the Raiders and the Chiefs into the end zone unbelievable catch an old-school rivalry for a new game day stream for free only on prime Black Friday football Raiders versus Chiefs kick off at 3 p.m. Eastern pregame at 1.30 p.m. Friday only on prime restrictions apply cms.com/watch Black Friday football for details imagine this your primary identity provider goes down whether it's a cloud outage network issue or even a cyber attack suddenly your business grinds to a halt but what if it didn't have to meet identity continuity from strata the game-changing solution that keeps your business running smoothly no matter what whether your cloud IDP crashes or your on-prem system faces a hiccup identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP automatically and without disruption powered by the maverick's identity orchestration platform identity continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs when the coast is clear it's a seamless switchback no more downtime no lost revenue no frustrated customers just continuous secure access to your critical applications every single time protect your business from the high costs of IDP outages with identity continuity from strata downtime is a thing of the past visit strata.io/cyberwire to learn how strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro joining me once again is john petrick editor of the cyberwire john let's talk about information operations in particular what have they got to do with cyber security i know the conventional wisdom is that information ops have nothing to do with hacking viruses trojans and things like that well as usual the conventional wisdom has the details right but it's got the big picture wrong now of course information operations need to have nothing at all to do with hackers APT's viruses or malware of any kind they're much broader than that i think a good way to approach them is by understanding us military doctrine and in that doctrine and here i'll quote joint pub 3-13 information operations include strategic communications public affairs they are at the integrated employment the manual says of electronic warfare computer network operations psychological operations military deception and information security in concert with specified supporting related capabilities to when this is the key point influence disrupt corrupt or usurp adversary of human and automated decision making while protecting our own uh best the u_s department of defense okay but once again um how does cyberspace figure into information ops so once again i think we can return to the department defense doctrine and on that topic it says cyberspace capabilities when they're in support of information operations deny or manipulate adversary or potential adversary decision making through targeting an information medium such as wireless access point in the physical dimension the message itself an encrypted message in the information dimension or what they call a cyber persona that is an online identity that facilitates communication decision making and influencing of audiences in the cognitive dimension when employed in support of information operations cyberspace operations the manual says generally focus on the integration of offensive and defensive capabilities exercising into cyberspace in concert with other measures in coordination across multiple lines of operations and lines of effort so to step away from the the language of doctrine for a minute if you're familiar with online marketing think of cyber information operations is online marketing and battle stress but the target demographic isn't customers here it's adversaries and so are we seeing the bad guys engaging in information operations yes we are indeed and in fact in the case of isis it's their stock and trade if you governments worry about isis hacking very much in the classical sense of hacking in that their technical operations conducted against non-cooperating systems isis really has ensured much ability in that regard however much they'd like to we haven't seen reports of isis sympathizes establishing persistent presence and networks shutting down systems corrupting data or even stealing data we have seen some website defacements and we saw some late last week essentially cyber vandalism but governments still worry about isis and cyberspace and they're concerned because isis recruits its members online and it does so with considerable success they're also concerned because isis uses the internet to inspire acts of terrorism they may also use it to some extent coordinate or control terrorist actions particular successful inspiration of terrorists there's no doubt so if you could summarize like why is this of concern for those of us in the cyber security world yeah today information is carried it's stored it's transmitted it's even created largely in cyberspace and what happens in cyberspace under opposition is a security matter because unfortunately what happens in cyberspace doesn't stay in cyberspace and that makes it cyber security all right john petrick once again thanks for joining us john is the editor of the cyber wire the it world used to be simpler you only had to secure and manage environments that you controlled then came new technologies and new ways to work now employees apps and networks are everywhere this means poor visibility security gaps and added risk that's why cloud flare created the first ever connectivity cloud visit cloud flare dot com to protect your business everywhere you do business imagine a world-class graduate education that's accessible flexible and designed for career impact that's harvard extension school build actionable knowledge and skills in challenging online classes taught by harvard faculty and industry experts explore new opportunities and expand your network with high achieving professionals from around the world part-time learning real world impact this is harvard on your terms learn more at extension dot harvard dot edu slash botify and that's the cyber wire we are proudly produced in maryland by our talented team of editors and producers i'm dave bitner thanks for listening and now a word from our sponsor nord pass nord pass is an advanced password manager from the team behind nord vpn designed to help keep your business safe from data leaks and cyber threats it gives your it professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords right now you can go to www dot nord pass dot com slash cyber wire for 35 percent off the nord pass business yearly plan don't miss out on that